General
- Target: ffd2b60afb1bca2bcb10f837c46f074d_JaffaCakes118
- Size: 818KB
- Sample: 240930-djcnjsyfrh
- MD5: ffd2b60afb1bca2bcb10f837c46f074d
- SHA1: 4af2f056647ad58f775ae5715e0e349c45ee0ce7
- SHA256: a610aef74fae3f178f3c3752ba83a6e7b8ea82bab12d66471eb48240c02779c1
- SHA512: d88932d047ee5dd4d8fcc01eba3562f944ecd27cfc951682d4cf1a3edf5d4c15e05d117036952564c669a72a8cae8d33f6b0d7adab5b23f0cda71d204b1d3bd8
- SSDEEP: 12288:cUDrWv1r25ge9RHRvcJvKe8uabWhM/QZLAgtvDLkegot1ysvRDvMc2qCGe6XsHAY:cUDS9q51RxyKe8uLdZsgtvkJ/KbMVAN
Behavioral task: behavioral1
- Sample: ffd2b60afb1bca2bcb10f837c46f074d_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Targets
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
Defense Evasion
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1
- Impair Defenses: 1
- Disable or Modify Tools: 1
- Modify Registry: 2
- Virtualization/Sandbox Evasion: 1